Securing the cloud in 2017

Experts agree that next year will see the accelerated development and adoption of cloud solutions by businesses, but concerns about data security are still keeping IT professionals awake.

SANS Institute research shows information security is the biggest concern among IT professionals. Could hybrid clouds and clearer strategy solve this data dilemma?

In its recent Security and Accountability in the Cloud Data Center report, 62 per cent of respondents were worried about the ability of unauthorised outsiders to access data stored on public cloud services, compared to 40 per cent a year ago.

Over half (56 per cent) of those surveyed by SANS claimed they lacked the ability to conduct forensic analyses that would make incident response effective. “What’s driving that concern is increased risk, not worse security in the cloud,” says Jonathan Sander, VP of product strategy for cloud security software firm Lieberman Software.

The reason, according to Sander, is that organisations are leveraging the cloud for more and more sensitive business data. “There is greater risk that any breach on the cloud side has more potential damage.”

The biggest challenge for IT managers in 2017, according Paul Calatayud, CTO of FireMon, is “how best to manage the risks as organisations increase their adoption from basic, non-regulated data to more regulated data”.

Sander believes this shift will challenge the skills of the security professional. “You cannot secure what you cannot see, and the cloud is a blind spot for much of security.”

Hybrid approach

The perceived lack of security from public clouds was felt to be a massive risk by the majority of those interviewed. Worries about the safety of data stored publicly, coupled with increasing pressure from businesses to adopt cloud technologies will, according to Calatayud, see CIOs jump from a ‘wait and see’ approach into ‘response mode’.

IDC believes this number is likely to grow, claiming that more than 80 per cent of enterprise IT organisations will commit to hybrid cloud architectures by 2017. It’s likely to be accelerated by the introduction of new hybrid cloud platforms (for example Microsoft’s Azure Stack) and the growth of Google, which is building new data centres to accelerate its push into offering enterprise solutions.

The expanding scale of cloud solutions and the amount of information businesses share online will see risks increase, but a strategic focus on implementation and security can help mitigate them.

Having a CIO closely aligned to the business will help the strategic deployment of cloud systems, according to Calatayud. “This will ensure that the proper risk management program is in place to identify and manage all risks, including a cloud position.”